Ticket #33154: 33154.2.diff

src/wp-admin/includes/class-wp-comments-list-table.php

@@ -474 +474 @@
 
                 $post = get_post();
 
+                /*
+                 * If the post doesn't exist, we have an orphaned comment.
+                 * Give it a fake post ID, so that it doesn't cause PHP warnings.
+                 */
+                if ( ! $post ) {
+                        $post = new stdClass();
+                        $post->ID = -1;
+                }
+
                 $the_comment_status = wp_get_comment_status( $comment->comment_ID );
 
                 $out = '';

src/wp-includes/capabilities.php

@@ -1305 +1305 @@
                 if ( empty( $comment ) )
                         break;
                 $post = get_post( $comment->comment_post_ID );
-                $caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
+
+                /*
+                 * If the post doesn't exist, we have an orphaned comment.
+                 * Fall back to the edit_posts capability, instead.
+                 */
+                if ( $post ) {
+                        $caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
+                } else {
+                        $caps = map_meta_cap( 'edit_posts', $user_id );
+                }
                 break;
         case 'unfiltered_upload':
                 if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) )  )

tests/phpunit/tests/ajax/EditComment.php

@@ -75 +75 @@
         }
 
         /**
+         * @ticket 33154
+         */
+        function test_editor_can_edit_orphan_comments() {
+                global $wpdb;
+
+                // Become an editor
+                $this->_setRole( 'editor' );
+
+                // Get a comment
+                $comments = get_comments( array(
+                        'post_id' => $this->_comment_post->ID
+                ) );
+                $comment = array_pop( $comments );
+
+                // Manually update the comment_post_ID, because wp_update_comment() will prevent it.
+                $wpdb->query( "UPDATE {$wpdb->comments} SET comment_post_ID=0 WHERE comment_ID={$comment->comment_ID}" );
+                clean_comment_cache( $comment->comment_ID );
+
+                // Set up a default request
+                $_POST['_ajax_nonce-replyto-comment'] = wp_create_nonce( 'replyto-comment' );
+                $_POST['comment_ID']                  = $comment->comment_ID;
+                $_POST['content']                     = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit.';
+
+                // Make the request
+                try {
+                        $this->_handleAjax( 'edit-comment' );
+                } catch ( WPAjaxDieContinueException $e ) {
+                        unset( $e );
+                }
+
+                // Get the response
+                $xml = simplexml_load_string( $this->_last_response, 'SimpleXMLElement', LIBXML_NOCDATA );
+
+                // Check the meta data
+                $this->assertEquals( -1, (string) $xml->response[0]->edit_comment['position'] );
+                $this->assertEquals( $comment->comment_ID, (string) $xml->response[0]->edit_comment['id'] );
+                $this->assertEquals( 'edit-comment_' . $comment->comment_ID, (string) $xml->response['action'] );
+
+                // Check the payload
+                $this->assertNotEmpty( (string) $xml->response[0]->edit_comment[0]->response_data );
+
+                // And supplemental is empty
+                $this->assertEmpty( (string) $xml->response[0]->edit_comment[0]->supplemental );
+        }
+
+        /**
          * Get comments as a non-privileged user (subscriber)
          * Expects test to fail
          * @return void